CA Court Lets Online Stores Get Personal Data

A narrowly divided state Supreme Court ruled Monday that Apple Inc. and other online retailers can continue to require California customers making purchases with credit cards to provide personal information to combat fraud.

An Apple customer sued the Cupertino-based company in 2011 after he was required to submit his home address and phone number when using a credit card to purchase music. The lawsuit alleged that Apple violated a two-decade old California state law prohibiting traditional "brick-and-mortar" retailers from demanding such personal information to complete a credit card transaction.

The 4-3 ruling said that law doesn't apply to online companies because they need the data to combat identity theft and credit card fraud. They are unable to require photo identification during credit card transactions, which traditional retailers are permitted to do.

"Unlike a brick-and-mortar retailer, an online retailer cannot visually inspect the credit card, the signature on the back of the card, or the customer's photo identification," Justice Goodwin Liu wrote for the majority court.

Liu said state lawmakers were concerned only with brick-and-mortar retailers unnecessarily requiring personal information during credit card transactions when they adopted the law in 1990 when no one — even Apple's legendary founder Steve Jobs — envisioned the explosive growth of online commerce.

"In 1990, the idea of computerized transactions involving the sale and purchase of virtual products was beyond any legislator's imagination," Liu wrote. "Such technology was not even a twinkle in Steve Jobs's eye."

Justice Joyce Kennard, one of three dissenters, said Monday's ruling leaves "Internet retailers free to demand personal identification information from their credit-card-using customers and to resell that information to others. The majority's decision is a major win for these sellers, but a major loss for consumers, who in their online activities already face an ever increasing encroachment upon their privacy."

The Supreme Court two years ago unanimously ruled that Williams-Sonoma and other traditional retailers were wrong to require credit card customers to provide their ZIP codes. That ruling led to a flurry of class action lawsuits alleging brick-and-mortar stores with such policies violated the 1990 law, known as the the Song-Beverly Credit Card Act. Later in 2011, the Legislature amended the credit card act to exempt gas stations from the ZIP code ruling, concluding those retailers needed the information to prevent fraud at the pump.

In his majority opinion, Justice Liu argued that the Legislature is free to once again amend the law to include online stores if lawmakers feel customers' privacy interests in refusing to divulge addresses and phone numbers outweigh Apple and other online stores battle against fraud.